The honeypot is one of the most tried-and-true tactics in both law enforcement and espionage. It also has a long history in cybersecurity – a history that’s being put to excellent use in defending the Internet of Things. Ladies and gentlemen, say hello to HoneyBot.

It’s not an easy question to answer. To understand why, one needs to understand a little about IoT’s security landscape. There are two core issues where IoT security is concerned – and one of them is staring at us in the mirror every morning.

First, IoT vendors are not software vendors. Most don’t have any real concept of what’s required to keep a connected device safe from unauthorized access. Moreover, security isn’t really a priority for them – they’re more concerned with time to market and tacking shiny new features onto their devices.

And that’s where we, the end users, come in. We are, beyond any shadow of a doubt, a huge part of the problem. Because no matter how much we may claim it matters, no matter how much we may wax on about security, when given the choice between a more secure device and a more convenient one, most of us will overwhelmingly choose the latter.

Most business leaders know that you can’t really change something that’s ingrained into the behavior of their audience – at least not overnight. And most organizations know that in order to start holding vendors more accountable for their security flubs, we’ll need to push for regulatory reform. Again, that takes time.

Meet HoneyBot, the IoT honeypot

Fortunately, they’ve started getting results. Researchers at Georgia Tech’s School of Computer and Electrical Engineering, for example, have uncovered one possible route to fixing IoT’s security woes. It’s called HoneyBot, and the software at its heart could have some incredible implications.

A tiny remote-controlled robot that looks a little like a mix between Johnny 5 from Short Circuit and the titular Wall-E, HoneyBot is designed to provide remote sensor data and movement information to anyone who connects to it. But it’s also got a neat little trap built into its software.

If a user – say, someone who shouldn’t have access to HoneyBot in the first place – tries to make it do something its owner doesn’t want it to do, HoneyBot pretends it’s following their command. While simulating a response, it sends alerts to its real-world owners. The bad actor thinks they’ve successfully compromised the robot, when in reality all they’ve done is alert a cybersecurity team to their presence.

It’s a solution that’s brilliant in its simplicity, and one that works surprisingly well. The team has, according to Network World, already completed preliminary tests that indicate the robot works. Users trying to virtually pilot it through a maze were unable to distinguish between simulated data and real data – several people who attempted to cheat the maze by taking ‘forbidden’ shortcuts thought they succeeded, while the robot simply sat idle.

Mind you, it’s not a perfect solution. Clever attackers have ways of recognizing that they’re being spoofed, and there are likely methods for circumventing HoneyBot’s protections.

“If the attacker is smart and is looking out for the potential of a honeypot, maybe they’d look at different sensors on the robot, like an accelerometer or speedometer, to verify the robot is doing what it had been instructed,” explains Professor Raheem Beyah, who spearheaded the bot’s creation. “That’s where we would be spoofing that information as well. The hacker would see from looking at the sensors that acceleration occurred from point A to point B.”
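The behavior described above, a forbidden command that is answered with simulated telemetry while the robot stays idle and its owner is alerted, can be sketched as follows. This is an added example, not Georgia Tech's HoneyBot code; the grid maze, the `ALLOWED_CELLS` policy and all class and field names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy (assumption): maze cells the owner allows the robot to enter.
ALLOWED_CELLS = {(0, 0), (0, 1), (0, 2), (1, 2), (2, 2)}
MOVES = {"N": (0, 1), "S": (0, -1), "E": (1, 0), "W": (-1, 0)}


@dataclass
class Robot:
    """Stand-in for the physical robot; only permitted moves ever reach it."""
    pos: tuple = (0, 0)

    def move(self, direction):
        dx, dy = MOVES[direction]
        self.pos = (self.pos[0] + dx, self.pos[1] + dy)


@dataclass
class HoneypotController:
    robot: Robot = field(default_factory=Robot)
    shadow: tuple = None  # simulated position, set once the session is diverted
    alerts: list = field(default_factory=list)

    def handle(self, user, direction):
        """Process one move command and return the telemetry the user sees."""
        if direction not in MOVES:
            return {"ok": False, "error": "unknown command"}
        dx, dy = MOVES[direction]
        start = self.robot.pos if self.shadow is None else self.shadow
        target = (start[0] + dx, start[1] + dy)
        if self.shadow is None and target in ALLOWED_CELLS:
            self.robot.move(direction)  # permitted: the real robot moves
            return self._telemetry(self.robot.pos, (dx, dy))
        # Forbidden move, or a session that has already diverged from reality:
        # the robot stays idle, the simulated state advances, the owner is told.
        self.shadow = target
        self.alerts.append({"user": user, "command": direction,
                            "claimed": target, "actual": self.robot.pos})
        return self._telemetry(target, (dx, dy))

    @staticmethod
    def _telemetry(pos, accel):
        # Same shape for real and simulated replies; accel is a unit-step
        # placeholder kept consistent with the reported displacement.
        return {"ok": True, "position": pos, "accel": accel}
```

Once a session is diverted, every later command is also simulated, because the reported and actual positions no longer match and executing further moves on the real robot would produce inconsistent sensor readings.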

Still, it’s better than what we’ve got now, which is nothing. If we combine the core concept of HoneyBot’s software with better security regulation, greater accountability for IoT vendors, and more visibility into connected endpoints, we’ll be one step closer to solving the biggest cybersecurity roadblock our society has ever seen. We’ll be one step closer to a safer, better, and more secure connected world.

Max Emelianov started HostForWeb in 2001. In his role as HostForWeb’s CEO, he focuses on teamwork and providing the best support for his customers while delivering cutting-edge web hosting services.
